Digital space or Cyberspace is the driving force for the world today. From ordering a cab to ordering food to booking tickets for travel to shopping, everything can happen with just tapping a finger. The magic that made this happen was the advent of Internet and technology.
However, as they say every coin has two sides. Cybercrime is the bad boy of the digital world. Cybercrime, also known as computer crime, is directed towards the use of computer as an instrument to fulfill illegal means such as intellectual property violation, committing fraud, child pornography, committing fraud, stealing identities, violating privacy, etc.
Cyber security is one of the biggest challenges for the world today. Majority of big crimes today like counterfeiting, terrorism, piracy, privacy etc. are somewhere connected to the cyberspace in one way or the other. India also is very vulnerable and exposed to the cyber-attacks in recent times. The reason behind this are the inherent vulnerabilities that are difficult to be removed, innumerable entry points on the internet, misdirected attribution to the third parties and the fact that attack technology which is consistently outpacing the defence technology.
Therefore, it is essential to know about the safeguards available for cybercrimes in India, especially digital safeguards.
Current Protection provided under Indian Legal Framework against cybercrime
The protection to combat cybercrime is twofold:
- The Information Technology Act, 2000
- Indian Penal Code of 1860.
For crimes like email account hacking, credit card fraud, web defacement, introduction of virus, phishing and email scams, source code theft and theft of confidential information, the protection is available under the IT Act, 2000. Though IT Act does not expressly define cyber-crime but include both cyber-crimes and cyber contraventions. The important provision related to cyber-crime and their punishments are as following:
Talking about Indian Penal Code, 1860 it was amended to include the word "electronic" and expanding the scope of IPC by treating electronic records and documents on a par with physical records and documents. Further sections such as 192, 204, 463, 464, 464, 468 to 470, 471, 474, 476 which deal with false entry or false document were also amended to include ‘electronic record and electronic document’.
IPR and Cybercrimes
Companies around the globe are coming up with innovative solutions to baffle IPR on the Internet. One such approach is linking from common websites, such that a list of multiple IP like trademarks is included on one website which further directs customers to relevant trademark sites. For example, disc.com offers access to Distributor Information Systems Corporation of Farmington, Connecticut as well as Dynamic Information Systems Corporation of Boulder, Colorado. This approach allows the companies to reconcile the limitation of registering only one disc.com domain name in cyberspace with the ability for separate businesses to own the same trademark in two separate geographic locations in the physical world. Technical measures such as use of Internet keywords, blocking access by Internet users located in a particular country, or by refusing to deliver goods or services to customers located in a particular territory may also alleviate IPR misuse on the Internet.
The IP owners may also themselves use technological protection measures such as encryption and watermarking to safeguard their rights. Also, under “Digital Rights Management (DRM)”, IT tools can be employed to facilitate the right holder to exploit their proprietary rights. The DRM systems aim to enforce certain usage rules in respect of content protected by intellectual property such as the terms and price under which a person is entitled to use work. Relying more on licensing and contracts, together with law to manage their IP assets is also a solution to fight cybercrime.
In Justice K.S. Puttaswamy (Retd) v. Union of India, Hon’ble Supreme Court of India held that ‘The right to privacy is protected as an intrinsic part of the right to life and personal liberty under Article 21 and as a part of the freedoms guaranteed by Part III of the Constitution’. Therefore, whenever there is cybercrime violation in respect of person’s private property or his personal belongings, then the accused can also be charged under Article 21 of the Indian Constitution.
Some of the most common examples of this could be hacking into the digital property of the other person, identity theft or stealing person’s intellectual work will be considered to be a violation of his right to privacy. It is the natural and important need of every individual as it sets boundaries and where the interference of other person is restricted.
Learning from the USA
USA has continuously been a global leader in the security regulatory and data privacy arena. Data security and privacy mandates are applicable at federal, state and local levels by the courts, regulators and legislators. In the United States, Wire fraud statute was the premiere law that used to prosecute computer crimes in India. Other acts that deals with cybercrime in India are The Computer Fraud and Abuse Act, 1984, Computer Fraud and Abuse Act of 1986, Electronic Communication Privacy Act, and Cyber Security Enhancement Act. These acts provide protection and strict penalties against the various forms of cybercrime.
In the United States, there are more legislations governing cybercrimes and e-commerce than in India. Child pornography, data communication, data privacy, electronic records and storage all have been mentioned in the different acts and rules thus giving a focus point in a particular area of the Act. This is one thing that India can learn from the US i.e. ‘a dedicated legislation for major cybercrimes’.
The situation today is that there are several laws protect cybercrime each one having its own scope and limitations. India is no doubt imposing sanctions to deal with such crimes. However, the conviction rate is found to be insignificant. However, what is needed a specific law particularly dealing with cybercrimes. Just like what UK did in 1990, when it enacted the Computer Misuse Act 1990.